FS#19346 - [tar] buffer overflow with gcc 4.5

Attached to Project: Arch Linux
Opened by Dave Reisner (falconindy) - Monday, 03 May 2010, 18:31 GMT
Last edited by Allan McRae (Allan) - Sunday, 30 May 2010, 09:43 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Allan McRae (Allan)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

This is sort of a preemptive strike, as core/tar is still compiled under gcc 4.4. Compiling tar under gcc 4.5 can cause segfaults due to a buffer overflow. See the link below for the stack trace and patch.

http://www.mail-archive.com/bug-tar@gnu.org/msg02601.html

Closed by  Allan McRae (Allan)
Sunday, 30 May 2010, 09:43 GMT
Reason for closing:  Fixed
Additional comments about closing:  tar-1.23-3
Comment by Allan McRae (Allan) - Friday, 21 May 2010, 12:04 GMT
The Chakra guys rebuilt this with gcc-4.5 and are not having issues.
Comment by Dave Reisner (falconindy) - Friday, 21 May 2010, 14:43 GMT
I'm able to replicate this by compiling with -fstack-protector-all and -D_FORTIFY_SOURCE=2. So, if I understand SSP correctly, the buffer overflow still silently occurs without these flags.
Comment by kujub (kujub) - Thursday, 27 May 2010, 17:53 GMT
  • Field changed: Percent Complete (100% → 0%)
AFAIKS the patch is _not_ actually applied.
Comment by Allan McRae (Allan) - Saturday, 29 May 2010, 14:20 GMT
oops.... actually applied in 1.23-3